Show Table of Contents
17.3. Creating and Managing Roles
Red Hat Satellite provides a set of predefined roles with permissions sufficient for standard tasks, as listed in Table 17.1, “Predefined Roles Available in Red Hat Satellite”. It is also possible to configure custom roles, and assign one or more permission filters to them. Permission filters define the actions allowed for a certain resource type. Certain Satellite plug-ins create roles automatically.
Table 17.1. Predefined Roles Available in Red Hat Satellite
| Role | Permissions Provided by Role[a] |
|---|---|
| Anonymous | The set of permissions that every user is granted, irrespective of any other roles. |
| Discovery manager | View, provision, edit, and destroy discovered hosts and manage discovery rules. |
| Discovery reader | View hosts and discovery rules. |
| Boot disk access | Download the boot disk. |
| Red Hat Access Logs | View the log viewer and the logs. |
| Manager | A most extensive set of permissions, the majority of actions from each resource type is enabled. |
| Edit partition tables | View, create, edit and destroy partition tables. |
| View hosts | View hosts. |
| Edit hosts | View, create, edit, destroy, and build hosts. |
| Viewer | A passive role that provides the ability to view the configuration of every element of the Satellite structure, logs, and statistics. |
| Site manager | A restrained version of the Manager role. |
| Tasks manager | View and edit Satellite tasks. |
| Tasks reader | View Satellite tasks. |
[a]
The exact set of allowed actions associated with predefined roles can be viewed by the privileged user as described in Section 17.3.4, “Viewing Permissions of a Role”.
| |
17.3.1. Creating a Role
The following steps show how to create a role.
Procedure 17.8. To Create a Role:
- Navigate to → .
- Click .
- Provide a Name for the role.
- Click to save your new role.
To serve its purpose, a role must contain permissions. After creating a role, proceed to Section 17.3.3, “Adding Permissions to a Role”.
17.3.2. Cloning a Role
Cloning an existing role is a time-saving method of role creation, especially if you want to create a new role that is a variation of an existing permission set. The following procedure explains how to clone a role.
- Navigate to →
- Select from the drop-down list to the right of the role to be copied.
- Select the name for the new role and alter the permissions as needed.
17.3.3. Adding Permissions to a Role
The following steps show how to add permissions to a role.
Procedure 17.9. To Add Permissions to a Role:
- Navigate to → .
- Select from the drop-down list to the right of the required role.
- Select the from the drop-down list.
Note
The (Miscellaneous) group gathers permissions that are not associated with any resource group. - Click the permissions you want to select from the list.
- Select whether the permission is .
- To search for a particular role, use the field at the top of the list of roles. See Section 17.4, “Granular Permission Filtering” for the details of using filtering during these searches.
- Click .
- Click to save changes.
17.3.4. Viewing Permissions of a Role
The following procedure shows how to view permissions assigned to an existing role.
Procedure 17.10. To View Permissions Associated with a Role:
- Navigate to → .
- Click to the right of the required role to get to the Filters page.
The Filters page contains a table of permissions assigned to a role grouped by the resource type. It is also possible to generate a complete table of permissions and actions that you can use on your Satellite system. See Procedure 17.11, “To Create a Complete Permission Table:” for instructions.
17.3.5. Creating a Complete Permission Table
The following procedure explains how to generate a table of all the permissions available in your installation of Satellite. This procedure produces an exhaustive list of the permissions in the Satellite system, and is the best method of generating a reference of procedures for your installation of Satellite.
Procedure 17.11. To Create a Complete Permission Table:
- Ensure that the required packages are installed:
# yum install ruby193-rubygem-foreman*
- Start the Satellite console with the following command:
# foreman-rake console
- Insert the following code into the console:
f = File.open('/tmp/table.html', 'w') result = Foreman::AccessControl.permissions.sort {|a,b| a.security_block <=> b.security_block}.collect do |p| actions = p.actions.collect { |a| "<li>#{a}</li>" } "<tr><td>#{p.name}</td><td><ul>#{actions.join('')}</ul></td><td>#{p.resource_type}</td></tr>" end.join("\n") f.write(result)The above syntax creates a table of permissions and saves it to the/tmp/table.htmlfile. - Press Ctrl+D to exit the Satellite console. Insert the following text at the first line of
/tmp/table.html:<table border="1"><tr><td>Permission name</td><td>Actions</td><td>Resource type</td></tr>
- Append the following text at the end of
/tmp/table.html:</table>
- Open
/tmp/table.htmlin a web browser to view the table.
17.3.6. Removing a Role
The following steps show how to remove an existing role.
Procedure 17.12. To Remove a Role:
- Navigate to → .
- Select from the drop-down list to the right of the role to be deleted.
- In an alert box that appears, click to delete the role.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.